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With Cloudflare as your API security gateway, APIs will drive business like never before. 


APIs make the world go around - some 58% of global 
internet traffic is APl-related. Attackers know this, 
prompting Gartner to estimate that APIs will soon 
become the most frequent attack vector. 


Cloudflare API Shield keeps APIs secure and productive 
with API discovery and innovative, layered defenses. 
API Shield is part of Cloudflare's application security 
portfolio that also stops bots, thwarts DDoS attacks, 
blocks application attacks and monitors for supply chain 
attacks. 


Our application security products work closely with 
our performance suite, delivered by the world’s most- 
connected global cloud platform. 


API Security Innovation 


API Shield discovers all APIs in use while delivering layered API security. 


Our world-class DDoS protections at the network and application layers 
accompany API Shield for additional protection. 


API discovery 
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Automatic API discovery eliminates shadow 
APIs by ensuring all API endpoints are 
discovered and monitored for better API 
management. 


API schema validation 


Secure APIs with a positive security model, that 
enforces on an API schema. With an OpenAPI 
v3 schema in place, requests will automatically 
be validated against it. Any operations that do 
not conform to the schema are blocked. 


Stronger authentication 
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Verify certificate-based identity with mutual 
TLS (mTLS). This allowlist model, managed 
by Cloudflare, is important for mobile and loT 
devices, blocking requests without a valid 
certificate. Cloudflare also checks for stolen 
credentials being used. 


Stopping abuse and data loss 


Advanced anomaly detection stops 

abusive, volumetric API traffic based on an 
understanding of an API's particular volume. 
The Cloudflare network also delivers data loss 
prevention that detects and blocks exfiltration 
of sensitive information in API responses. 


1888 99 FLARE | enterprise@cloudflare.com | www.cloudflare.com 


REV: 2020JANO1 


a. 


CLOUDFLARE 


Key API security risks 


Given the security challenges APIs present, OWASP released a top ten list 


of API security risks that must be accounted for. Cloudflare will help with all 
OWASP API risks - see a few top concerns outlined below. 


Broken object level authorization 
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Broken object level authorization (BOLA) is 
manipulation of object IDs within a request to 
gain unauthorized access to sensitive data. 
With BOLA, attackers access objects (data) 
that they should not have access to, by merely 
changing the IDs. 


Lack of Resources & Rate Limiting 


Without proper abuse protections and rate 
limits that restrict the size or number of 
resources requested, APIs are susceptible to 
brute force and denial of service attacks, while 
API server performance suffers. 


Broken User Authentication 


Authentication is critical but is often 
implemented improperly. Attackers exploit 
flaws (or lack of authentication) to log-in illicitly 
or assume another user’s identity. API security 
is compromised if systems can't correctly 
authenticate clients/users. 


Improper Assets Management 
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Improper assets management occurs when 
there is no API discovery that tracks both 
current, production APIs and those that have 
been deprecated, leading to shadow or rogue 
APIs. This can also occur via poor API activity 


logging. 


World-class application security 


The most precise protection 


Always thread the needle between 
security and business with precise 
protections against API threats, bots 
and attacks. Cloudflare has been 
tested and tuned for the largest 
businesses. 
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Vast integrated capability 


No slapdash acquisition code bases 
thrown together. Rather, integrated 
security, from a single console, 
constantly sharpening its threat 
stopping ability. Performance like 
CDN, DNS, and traffic acceleration 


Comprehensive security postures 


We deliver full, enterprise-ready, 
cost-effective security capabilities. 
We'll never bleed you dry with 
limited base offerings requiring 
expensive add-ons or 3rd party 
marketplace integrations for a 
strong security posture. 


Cloudflare Leadership 


Organizations gain a more effective application security 
posture with the Cloudflare global network as their 
enterprise security perimeter. The Cloudflare application 
security portfolio has received numerous accolades for 
its strength and breadth. Gartner named the Cloudflare 
WAF a 2021 Customer's Choice. Frost & Sullivan 
recognized Cloudflare as an Innovation Leader in Global 
Holistic Web Protection while IDC and Forrester named 
the company the DDoS leader. 
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